Vulnerability Details : CVE-2012-1108
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-1108
Probability of exploitation activity in the next 30 days: 1.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 %
CVSS scores for CVE-2012-1108
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2012-1108
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1108
- http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
  multiple security vulnerabilities in taglib
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73665
  TagLib parse() denial of service CVE-2012-1108 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/03/05/19
  oss-security - Re: CVE-Request taglib vulnerabilities
- http://www.securityfocus.com/bid/52284
  taglib Buffer Overflow and Divide-By-Zero Denial of Service Vulnerabilities
- http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html
  multiple security vulnerabilities in taglib
- https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532
  Be more careful when parsing Vorbis Comments · taglib/taglib@b3646a0 · GitHub (Exploit; Patch)
- http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml
  TagLib: Multiple vulnerabilities (GLSA 201206-16) — Gentoo security
Products affected by CVE-2012-1108
- cpe:2.3:a:scott_wheeler:taglib:*:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:scott_wheeler:taglib:1.3:*:*:*:*:*:*:*